Archive

Posts Tagged ‘Security’

More Smartphones, More Risk: Mobilisafe Targets SMB’s With New Security Solution (Invites)

February 26, 2012 Leave a comment

Mobilisafe, the stealthy Seattle-based mobile security startup with $1.2 million in funding from Madrona Venture Group and Trilogy Equity Partnership, is opening up access to its private beta program today (invite link below) for a handful of TechCrunch readers.

Over and above, the company is revealing new insights it credited during its private beta period related to the penetration of mobile device in the SMB market, the area which happens to be the startup’s current area of focus.

Much of the current analysis on the consumerization of I.T. and the accompanying BYOD (“bring your own device”) trends are focused on the enterprise market, but Mobilisafe’s data comes from its own hands-on experience with SMB’s.

Mobilisafe was founded by former T-Mobile software architects Giri Sreenivas and Dirk Sigurdson. The firm focused on developing a security solution that gives hands to the companies to deal with the influx of personal devices on the corporate network. The startup does not offer businesses with tools to manage the increased number of mobile devices, it’s also performing data-mining on the aggregate data it collects, enabling its solution to learn over time, and become more predictive about its analysis and recommendations.

Mobilisafe’s big advantage is that it will be able to use the aggregate data to analyze whether an organization is more or less secure than its peers in the same industry or vertical. Right now, the focus is on providing this analysis and understanding to smaller businesses (between 15-2,500 employees), especially because they’re more at risk due to lower I.T. budgets and/or lack of in-house I.T. expertise. But such an ability could easily be useful in larger organizations in the future, if Mobilisafe wanted to go that route.

Over the past three months, Mobilisafe mapped out more than 38 million employee device connections (now up to 44M), which allowed it to uncover some interesting trends within the SMB market.

For example, the majority of SMB’s are highly mobilized, and are driven by BYOD programs, with above 80% of SMB employees already using smartphones and tablets. A new device model was introduced to a company for every 6.6 employees, but over half (56%) were running out-of-date firmware. SMB I.T. departments, meanwhile, are often at a loss when it comes to determining this sort of information for themselves.

In addition, around 39% of authenticated devices were inactive for over 30 days, something that could indicate devices which were lost, stolen, replaced or sold. In some cases, these devices may have had employee credentials and sensitive corporate data on them before disappearing off the network.

The data gathered here through Mobilisafe’s initial beta run is more of a confirmation of the market value for its mobile security solution, meant to simplify the challenges involved with assessing security risk and then knowing the next steps to take after being presented with specific issues.

Mobilisafe has been quietly running a private beta since late last year. Companies use its SaaS solution to tell Mobilisafe what kind of risk threshold they have, and then the startup does the heavy lifting to determine whether they’re falling above or below that threshold. The whole thing can be deployed in 15 minutes, without hardware or network changes, on-device software, or changes to employee behavior, the startup says.

Source: techcrunch

Advertisements

Four Must-Have Android Settings, From a Security Expert

February 23, 2012 Leave a comment

Google made an announcement last week that it has located a latest security flaw in Google Wallet,  through which a determined could root one’s non-rooted device ex post facto and retrieve your Google Wallet prepaid card. That was partly true. So we can assure that there is technical issue that remains still, even though if Google Wallet itself is safer.

To recap the Google Wallet brouhaha this month, first researcher Joshua Rubin from zvelo revealed a quick, simple brute force technique to extract the Google Wallet PIN from a rooted phone. But it actually requires some skills, but the next day The Smartphone Champ revealed that even in a non-rooted Nexus smartphone with Google Wallet, a thief can steal your Google Wallet prepaid card by simply wiping Google Wallet settings and attaching the app to a new Google account. Atlast, Rubin made a report on how a thief can root one’s non-rooted phone ex post facto and steal their Google Wallet funds. This is processed due to the root privileges that does not remove all the data on one’s Android device, and Google prepaid cards are stored in the device, not in one’s Google Wallet account.

Google made a respond to Rubin’s discovery. It suspended new prepaid cards on Sunday. The corporation began re-issuing Google Wallet prepaid cards on Tuesday, claiming that it has fixed the problem. But as a spokesman told Neil Rubenking, Google’s “fix” was to require users to contact Google Support to re-activate a Google Wallet account. So yes, the technical issue still remains.

Rubin, who discovered the latest hack and told us how one might get past the lock screen to perform the root exploit, offered four easy ways to tighten the security settings on your Android device. Not only do we urge anyone using Google Wallet to do this, but any Android user concerned about securing the data on his device should make sure the following Settings are turned on:

1. Enable Lock Screens: Under Settings\Security. Enable Face Unlock, Pattern, PIN, and Password to increase physical security to the device. Slide doesn’t do much.

2. Disable USB Debugging: Under Settings\USB debugging. When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.

3. Enable Full Disk Encryption: Under Settings\Security. This will prevent even USB Debugging from bypassing the lock screen.

4. Maintain Device Up-To-Date: Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this, but when you are finally prompted to upgrade your operating system, do so. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

Bonus: Stick to official app stores. This is far less likely, but an attacker can also discover your PIN lock (which is necessary for him to root your phone) if you accidentally install a malicious app that records your personal data, including PIN. Most malicious apps are distributed through shady Chinese/Russian app stores; to be on the safe side stick to the Android Market, GetJar, and the Amazon App Store.

And always read through app permissions, as malicious apps typically make unusual requests. Most mobile security apps, like McAfee Mobile, Lookout Mobile, and F-Secure Mobile Security, come with an app auditing feature to help you keep tabs on permission requests.